New Android Malware Bypasses Multifactor Authentication

New Android malware bypasses multifactor authentication

MaliBot is targeted at financial fraud. However, the malware needs access to the Android user interface to do so. Via overlay, MaliBot then also bypasses a login in several steps.

Researchers from F5 Labs have discovered a new malware for Google’s Android mobile operating system. It is capable of bypassing multifactor authentication to steal passwords as well as details of bank accounts and cryptocurrency wallets.

In addition, the malware, known as Mali-Bot, can also spy on text messages, record screenshots, and access browser cookies. MaliBot is spread via phishing messages, which usually land on potential victims’ devices as SMS messages. They are tricked into clicking on a link that eventually downloads the malware to their device.

So far, the researchers found two websites that offer MaliBot for download. One site is a fake version of a legitimate cryptocurrency tracker app with more than a million downloads in Google’s Play Store.

MaliBot spreads itself via SMS

Like most such malware, MaliBot requires access to Android’s control panels to perform its tasks. If this is granted, the malware overlays legitimate requests to log in to a user’s account, making it impossible for users to detect a fraud attempt. MaliBot uses this technique, for example, to bypass multi-factor authentication for a cryptocurrency wallet – and steal cryptocurrency.

However, MaliBot is also capable of sending SMS messages. The malicious program uses this feature to spread and infect other users. FluBot malware also credits its great success to this tactic.

At the moment, MaliBot apparently only targets customers of financial institutions in Spain and Italy. However, the researchers assume that the backers will add other targets or countries in the course of time. In general, MaliBot is able to take complete control of a device and also perform tasks other than financial fraud.

Users should not download and install applications offered to them via a link in an SMS or text message in order to protect themselves from infection with Malibot and similar malware. Instead, they should stick to legitimate sources, such as the Google Play Store.